A new IRC channel, #gentoo-dev-help, is being officially announced as a place for prospective developers, ebuild authors, bug hunters, and the like to gather and trade tips and tricks about Gentoo's best practices. This channel has been newly established on irc.freenode.net since many people don't have a voice in #gentoo-dev, and to relieve the questions that are being posed in #gentoo-portage. The creators hope to attract Gentoo users, potential developers, and prospective arch testers who have questions that are more in-depth than a high volume channel like #gentoo can answer, without distracting the busy Gentoo developers from their core activities. Any developers interested in passing on their skills are welcome to come and join the new channel. In the interest of staying on topic all installation questions will be referred back to #gentoo, but all other Gentoo-related issues are fair game.
Apache blowout
Forum regular loki99 had a busy Saturday trying to contain the fury of those who got angered by the latest Apache upgrade in Gentoo Linux. Whether you agree with its provocative title or not, the thread is definitely worth watching as it has Gentoo developer Bryan Østergaard chiming in with a thorough explanation of what went up and why:
KDE 3.5 beta-ebuilds test thread
Gentoo developer Chris White rounds up a group of testers for the release of KDE 3.5, check the sticky mini-HOWTO for details on how to participate:
Marking packages stable on x86
As a consequence of GLEP 40, the new x86 arch team policy for stabling packages on x86 has changed. For end-users this will most likely have no side-effects except that packages are expected to become stable in a more timely fashion.
Vice and virtues of static libraries
A long thread about the pros and cons of having static libraries around, also some packages that show "unexpected" behaviour ("if static ncurses is unavailable, the bash ebuild will use the bundled gnutermcap (which is bad)"). You will also find a short discussion on whether to use a new USE-flag for it (or maybe abuse USE="minimal"?).
"Commercial" software in portage
Every now and then GLEP 23 gets resurrected - which means that some people want to be able to disallow packagess based on the license. Especially non-free software with restrictions on the data files would be nice to have a warning ("You need the original Game-CD to install this!"), but as long as portage doesn't implement GLEP 23 any changes to current behaviour will be a bit patchy. Some ideas like overlays (split out all non-free ebuilds) were discussed and mostly dismissed.
Germany: Gentoo developer conference call for papers
A reminder for all those actively considering a paper presentation at the European conference for Gentoo developers in November: please submit your proposals before 30 September. The same form used for registering to the event can be used for submissions of topics and brief outlines of planned presentation.
The Register (23 September 2005)
In a letter to the editor, weathered sysadmin Eoin refutes the idea of a Windows-only standard for operating systems on USB sticks that the The Register had been reporting about earlier. "Your article regarding the new U3 standard was mostly correct, baring your final assertion that Linux does not support this. As far as I can tell the idea actually evolved from the Linux heads," writes Eoin, happily acknowledging that whenever one of those Linux heads with distros on a stick visits his offices, they generally know what they're doing: "These people are using 2-4GB USB drives with almost complete versions of Gentoo and Red Hat running on them - all very impressive and thankfully I don't need to attempt (and fail) to support them if something goes wrong."
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Apache, mod_ssl: Multiple vulnerabilities
mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.
For more information, please see the GLSA Announcement
Clam AntiVirus: Multiple vulnerabilities
Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service to execution of arbitrary code when handling compressed executables.
For more information, please see the GLSA Announcement
Zebedee: Denial of Service vulnerability
A bug in Zebedee allows a remote attacker to perform a Denial of Service attack.
For more information, please see the GLSA Announcement
util-linux: umount command validation error
A command validation error in umount can lead to an escalation of privileges.
For more information, please see the GLSA Announcement
Mantis: XSS and SQL injection vulnerabilities
Mantis is affected by an SQL injection and several cross-site scripting (XSS) vulnerabilities.
For more information, please see the GLSA Announcement
Webmin, Usermin: Remote code execution through PAM authentication
If Webmin or Usermin is configured to use full PAM conversations, it is vulnerable to the remote execution of arbitrary code with root privileges.
For more information, please see the GLSA Announcement
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 18 September 2005 and 25 September 2005, activity on the site has resulted in:
Of the 8405 currently open bugs: 98 are labeled 'blocker', 189 are labeled 'critical', and 554 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better.
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: